Does the 'connlimit' module on Red Hat Enterprise Linux 5 work properly?

Solution Verified

Environment

  • Red Hat Enterprise Linux 5

Issue

  • Does the 'connlimit' module on Red Hat Enterprise Linux 5 work properly?

  • How do I use the 'connlimit' module in iptables rules to limit the number of connections?

Resolution

  • There was a bug in the iptables package whereby the connlimit module did not work properly. An updated package fixing this issue is available through the following erratum:

    RHBA-2009:1539-1
    http://rhn.redhat.com/errata/RHBA-2009-1539.html

  • Kernel support for the module is also required. A kernel security and bug fix update providing it is available through the following Red Hat Security Advisory:

    RHSA-2009:1243-3
    http://rhn.redhat.com/errata/RHSA-2009-1243.html

  • After the above upgrades have been applied, the 'connlimit' module can be used with the 'iptables' command, as in the example below:

    # iptables -I INPUT -p tcp -m connlimit --connlimit-above 5 -j DROP

    With this rule, at most 5 concurrent TCP connections (to any port, since no --dport is given) are allowed from the same source IP address; further packets from that address are dropped while the count stays above 5. For more examples using the 'connlimit' module, please see the iptables manual page.
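The following script is an added example, not part of the Red Hat solution: it checks that the updated iptables can load the connlimit match before touching the firewall, then applies a per-service rule that logs and drops new connection attempts once a source exceeds the limit. Port 22, the limit of 5 and the /24 mask are assumed values; the --syn, --dport and --connlimit-mask options are assumed to be available on the updated package (verify with `iptables -m connlimit --help`).

```shell
#!/bin/sh
# Added example: connlimit rules for a TCP service with logging ahead of the DROP.
# Assumed values: port 22, at most 5 concurrent connections per /24 source block.

# Print the match arguments for limiting new (SYN) connections to port $1 to at
# most $2 concurrent connections per source block of prefix length $3
# (32 = per single address). connlimit counts existing conntrack entries from
# the source; --syn restricts the check to new connection attempts only.
connlimit_args() {
    echo "-p tcp --syn --dport $1 -m connlimit --connlimit-above $2 --connlimit-mask $3"
}

# Returns 0 when the installed iptables and kernel can load the connlimit match,
# i.e. the errata packages named in the solution are in place.
check_connlimit_support() {
    iptables -m connlimit --help >/dev/null 2>&1
}

# Insert the DROP rule first, then the LOG rule in front of it (-I places each
# new rule at the head of the chain), so excess attempts are logged, then dropped.
apply_connlimit_rules() {
    check_connlimit_support || {
        echo "connlimit match not available; apply RHBA-2009:1539 and RHSA-2009:1243 first" >&2
        return 1
    }
    args=$(connlimit_args "$1" "$2" "$3")
    # Word splitting of $args is intentional: it expands to the iptables argument list.
    iptables -I INPUT $args -j DROP &&
    iptables -I INPUT $args -j LOG --log-prefix "connlimit: "
}

# Only modify the firewall when run explicitly as: ./connlimit.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_connlimit_rules 22 5 24
fi
```

Logged hits appear in /var/log/messages with the "connlimit: " prefix, which gives a simple signal for spotting sources that repeatedly exceed the limit.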

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.